Gridinsoft Logo

Hannibal.dll Trojan Heuristic Analysis

Updated 1 month ago
Checked by Malware Check
Hannibal.dll

Technical Analysis

File Name Hannibal.dll
File Type
PE32 executable (DLL) (console) Intel 80386, for MS Windows
Scanner Version 1.0.229.174
Database Version 2025-11-13 12:00:22 UTC

Trojan.Heur!.02212020

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
N/A
Detection Rate
6,656,000
File Size (bytes)
2025-11-13
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
cd5a2a93fe70d19ebc09756c2ae5bf7f
SHA1
34c24d8b2664de11fd3490fde411615e6fb877f1
SHA256
285752aa3dd456640a9b8d75b1bbb1ee574ac12e619f7d1d0f49ae556526b3cf
SHA512
6f66cab349c5b8cf49df7c23f719c815751f462ce6d32512885b63556edf985bbedecb015504df2def33ed057c66a76aca984b0d78cfccac6aadb9818f2825bc
ImpHash
48e5a2aa5f6c0621ef3dd8880a3f5002

PE Analysis

Basic Information

Image Base 0x10000000
Entry Point 0x1067b194
Compilation Time 2025-07-15 15:28:12
Checksum 0x00000000 (Actual: 0x00663e42)
OS Version 6.0
PEiD Signatures PE32 executable (DLL) (console) Intel 80386, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 18 libraries
Exports 0 functions
Resources 1 Resources
Sections 11 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 557,987 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x0008a000 90,296 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x000a1000 603,984 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.detourc 0x00135000 4,528 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.detourd 0x00137000 12 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
_RDATA 0x00138000 9,736 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
Aika0 0x0013b000 3,428,844 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
Aika1 0x00481000 1,912 bytes 2,048 bytes 0.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 281FC89F13F28116466F706E833FC04A
Aika2 0x00482000 6,645,088 bytes 6,645,248 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 89FF3C2B6FDFC4DDE60D1821FB8AE472
.reloc 0x00ad9000 6,716 bytes 7,168 bytes 5.73 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D8C3C17B288B4B9BB0F877AE1FD050F5
.rsrc 0x00adb000 469 bytes 512 bytes 4.72 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ FAF56402A321A9623BAD49B3F25817C2
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 1 (381 bytes)
Resource Type Count Total Size Percentage
RT_MANIFEST 1 381 bytes
100%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.02212020 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02212020 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for
/

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware